Suggestions to separate LANs

Wang191

I am looking to have two lans in my home.

One LAN will support Cat5 drops around the home for anyone to plug into and also be part of my "Control LAN", which is basically used for home automation and considered less secure. This LAN will have a wireless access point or two.

The second LAN will consist of 4 wired computers hard line that I want to be separate from the "Control LAN."

Finally I will have a file server with two NICs and a Remote Desktop PC with two NICs so that I can hit both of these servers from either of the two LANs.

How can I accomplish this with the following?
1 Linksys 4 port wired + wireless router
1 Linksys 4 port wired router
1 24 port Asus Managed Switch (with vlan capabilities)


Thanks for any suggestions.
 
If you use third-party firmware for Linksys (for example, DD-WRT for the WRT54xx),
you can make different VLANs and rules for each of them.
 
> 1 24 port Asus Managed Switch (with vlan capabilities)
>
> Thanks for any suggestions.

Looks like you're all set. Create a VLAN such as VLAN1, and plug/uplink your first network into that. Create another VLAN, say VLAN2, and plug/uplink your second network into that one. Computers in each respective VLAN cannot see or communicate by any means with PCs in the other VLAN.
 
Is it good practice to change the IP range and subnet for each VLAN, or can I make them the same?
 
I just realised there is one issue this VLAN configuration does not solve for me (at least I haven't found the solution yet), and that is to allow both VLANs access to my one internet connection.

The main WAN connection comes into my Linksys (wired router) and hits the private VLAN via port 1 of the Linksys.

The wireless Linksys router is connected to VLAN 2 but not to the internet.

What would be a good config to make that connection yet keep it away from the private LAN?
 
You can do it with DD-WRT.

I've done it.

192.168.1.x network, 192.168.2.x network; 192.168.1.x can see 192.168.2.x but 192.168.2.x can't see 192.168.1.x.

I couldn't figure out how to do VLANs with that switch while sharing the WAN.
 
Thanks all.
I got it working pretty well. Ended up using default firmware for the Linksys and set up some static routes, and got all the communication working properly between the VLANs the way I wanted.
 
Mind describing how you did it? Last time I tried I didn't see an option for it. How exactly do you make the VLANs, then how did you get them to use the same WAN?
 
> I just realised there is one issue this VLAN configuration does not solve for me (at least I haven't found the solution yet), and that is to allow both VLANs access to my one internet connection.
>
> The main WAN connection comes into my Linksys (wired router) and hits the private VLAN via port 1 of the Linksys.
>
> The wireless Linksys router is connected to VLAN 2 but not to the internet.
>
> What would be a good config to make that connection yet keep it away from the private LAN?

Very easily done with port-based VLANs. You simply make the port which uplinks to your router a member of both VLANs. Let's say you make VLAN 1 using ports 1,2,3,4, and VLAN 2 using ports 5,6,7,8,9,10. Take port 24 or something and uplink that from your switch to your router. You add port 25 to both VLANs. Incredibly simple; no need to bother with more internal routing and different IP ranges.
 
Unfortunately the Asus switch doesn't allow you to make a port part of more than one VLAN. Also I wanted to run two separate networks, so I have to keep the VLANs separate.
One thing to note about the Asus switch is that once you create the VLANs you have to go back in and actually enable VLAN settings. It's the first check box on the config settings for the VLAN setup. That must be enabled. It's called "Vlan Function". Once I enabled that, the VLANs went into effect.

What I did was run the WAN connection into my wireless router. Then I plugged port 1 of that router into one of the ports I set up as VLAN 1.

Then I plugged port 1 of my wired router into one of the ports that I created as VLAN 2.
I plugged the WAN port of the wired router into port 2 of my wireless router.

So by doing that, my control LAN had full access to the internet.
The private LAN (VLAN 2) couldn't go anywhere, so I had to set up a static route in the wired router to point to the wireless router (as a gateway).

Now the wired computers can see all PCs on the control LAN (VLAN 1), but VLAN 1 can't see anything in the wired (private) LAN.
 
Sounds like you ended up just doing a double NAT setup; effectively, the WAN port of the wired router was inside the LAN ports of the wireless router.
 
Exactly.

Does this seem like an effective strategy to keep the wired LAN secure and separate from the wireless LAN? Is there some security risk I am overlooking?
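
The one-way visibility described in this thread, as an added example that is not from any poster: a toy model of the wired (inner) router in the double-NAT layout, showing why the private LAN can open connections into the control LAN while the reverse is dropped. The subnets, host addresses and port numbers are constructed, and the model assumes the wired router runs in NAT (gateway) mode with no port forwards.

```python
import ipaddress

# Constructed addressing: the thread does not give the poster's real subnets.
CONTROL = ipaddress.ip_network("192.168.1.0/24")  # VLAN 1, LAN side of the wireless router
PRIVATE = ipaddress.ip_network("192.168.2.0/24")  # VLAN 2, LAN side of the wired router
INNER_WAN = "192.168.1.2"  # wired router's WAN port, plugged into the control LAN
assert ipaddress.ip_address(INNER_WAN) in CONTROL


class InnerRouter:
    """Wired router, assumed to be in NAT (gateway) mode with default-deny inbound."""

    def __init__(self):
        self.flows = {}         # (remote_ip, remote_port, nat_port) -> (private_ip, private_port)
        self.next_port = 40000  # next source port to hand out on the WAN side

    def outbound(self, src, sport, dst, dport):
        """A private host opens a connection; return the packet as the control LAN sees it."""
        if ipaddress.ip_address(src) not in PRIVATE:
            raise ValueError("outbound() is only for hosts on the private LAN")
        nat_port, self.next_port = self.next_port, self.next_port + 1
        self.flows[(dst, dport, nat_port)] = (src, sport)
        return (INNER_WAN, nat_port, dst, dport)

    def inbound(self, src, sport, dst, dport):
        """A packet reaches the WAN port; return the private endpoint it maps to, or None."""
        if dst != INNER_WAN:
            return None  # sent to a 192.168.2.x address, which is not on this segment
        return self.flows.get((src, sport, dport))  # only replies to tracked flows match


def demo():
    """Run four constructed packets through the model and collect the outcomes."""
    r = InnerRouter()
    seen = r.outbound("192.168.2.10", 51000, "192.168.1.50", 80)
    return {
        "seen_on_control_lan": seen,
        "reply": r.inbound("192.168.1.50", 80, seen[0], seen[1]),
        "unsolicited": r.inbound("192.168.1.50", 4444, INNER_WAN, 3389),
        "direct_to_private": r.inbound("192.168.1.50", 4444, "192.168.2.10", 3389),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A port forward on the wired router, or a host with a NIC in each LAN such as the dual-NIC file server from the first post, sits outside this model and needs its own review. Traffic from the private LAN to the internet also crosses the control LAN segment on its way to the wireless router.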
 